Author: [email protected] (The Hacker News)

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users’ knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University … Read More “New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions  – The Hacker News” »

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory  … Read More “RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing  – The Hacker News” »

Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love … Read More “Moving Beyond Awareness: How Threat Hunting Builds Readiness  – The Hacker News” »

By Derek B. Johnson For more than a year, hackers from a Chinese state-backed espionage group maintained backdoor access to a popular software mapping tool by turning one of its own features into a webshell, according to new research from ReliaQuest. In a report published Tuesday, researchers said that Flax Typhoon — a group that … Read More “Flax Typhoon can turn your own software against you  – CyberScoop” »

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity today is defined by complexity. Threats evolve in real time, driven by AI-generated malware, autonomous reconnaissance, and adversaries capable of pivoting faster than ever.  In a recent survey by DarkTrace of more than 1,500 cybersecurity professionals worldwide, nearly 74% said AI-powered threats are a major challenge for their organization, and 90% expect these threats … Read More “Red, Blue, and Now AI: Rethinking Cybersecurity Training for the 2026 Threat Landscape  – CyberScoop” »

Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for … Read More “npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels  – The Hacker News” »

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains. “TA585 is notable because it  … Read More “Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain  – The Hacker News” »

Fortra, in its most forceful admission yet, confirmed a maximum-severity defect it disclosed in GoAnywhere MFT has been actively exploited in attacks, yet researchers are still pressing the vendor to be more forthcoming about how attackers obtained a private key required to achieve exploitation. The vendor published a summary of its investigation into CVE-2025-10035 Thursday, … Read More “Fortra cops to exploitation of GoAnywhere file-transfer service defect  – CyberScoop” »

ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, … Read More “⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More  – The Hacker News” »

Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up … Read More “Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk  – The Hacker News” »

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices. “Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript  – … Read More “Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor  – The Hacker News” »

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an “exploit shotgun” approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and  … Read More “Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors  – The Hacker News” »

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. “Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host … Read More “Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. “Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, ‘serviceaccount,’” eSentire said in a technical report published  – Read More  … Read More “New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs  – The Hacker News” »

Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14. “Easily exploitable vulnerability allows an unauthenticated attacker … Read More “New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login  – The Hacker News” »

Cybersecurity company Huntress on Friday warned of “widespread compromise” of SonicWall SSL VPN devices to access multiple customer environments. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,” it said. “The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing.” A significant chunk of  … Read More “Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts  – The Hacker News” »

Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor’s use of the security utility was documented by Sophos last month. It’s assessed that … Read More “Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks  – The Hacker News” »

A fast-spreading Android spyware is mushrooming across Russia, camouflaging itself as popular apps like TikTok or YouTube, researchers at Zimperium have revealed in a blog post. The company told CyberScoop they expect the campaign is likely to expand beyond Russian borders, too. In three months, Zimperium zLabs researchers observed more than 600 samples, the company … Read More ” Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium  – CyberScoop” »

The Trump administration wants your voter data. Since President Donald Trump took office in January, the Department of Justice has made an ambitious effort to collect sensitive voter data from all 50 states, including information that one election expert described as “the holy trinity” of identity theft: Social Security numbers, driver’s license numbers and dates … Read More “Dems introduce bill to halt mass voter roll purges   – CyberScoop” »

An Authentication Bypass (CVE-2025-5947) in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, … Read More “DDoS Botnet Aisuru Blankets US ISPs in Record DDoS  – Krebs on Security” »

Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday,” … Read More “Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries  – The Hacker News” »

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through  … Read More “Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers  – The Hacker News” »

Menlo Park, USA, 10th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a “potential vulnerability” reported by a customer, uncovering “potentially … Read More “From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation  – The Hacker News” »

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, … Read More “175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign  – The Hacker News” »

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the … Read More “The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?  – The Hacker News” »